With multifactor authentication, UCLA trades in convenience for security

Posted:

April 10, 2018

4:14 am

UCLA experts said while multifactor authentication may protect users’ personal information, requiring them to authenticate frequently is redundant.

All UCLA students are required to use multifactor authentication to log in to their MyUCLA account starting April 17. Multifactor authentication is a security enhancement system that requires users to provide two methods of identification when logging in to UCLA websites, such as through the mobile application Duo with a text message or a phone call.

Administrative Vice Chancellor Michael Beck said in an interview with the Daily Bruin Editorial Board on Monday multifactor authentication is necessary because there are many attacks on campus information technology infrastructure on a daily basis. He added students’ personal information has been compromised in the past.

Jens Palsberg, a computer science professor, said even though he agreed multifactor authentication would make UCLA’s online environment safer, he thinks Duo makes the MyUCLA login process inconvenient, because users need to authenticate frequently.

The app requires each person to authenticate every few hours, which is a trade-off between redundancy and safety, Palsberg said.

“We can get the safety we need by authenticating every few weeks,” he said. “UCLA has increased the hassle way too far with the current setting of the multifactor authentication.”

Carey Nachenberg, a computer science department adjunct professor and chief scientist at Chronicle, a cybersecurity company, said this problem could be solved if the app were to allow a setting that only requires authentication when it detects unusual account activities, such as logging in through unfamiliar devices.

Cybersecurity breaches in the past 10 years have shown that password authentication by itself does not sufficiently protect an account from being hacked, said Peter Reiher, an adjunct professor in the computer science department.

Reiher said cybercriminals may illegally hack into an account by guessing simple password patterns. Successfully acquiring the password of one account would also jeopardize the user’s other accounts if they share the same password.

Since companies typically keep information, such as a list of passwords, in a file, it is also possible to gain unauthorized access to accounts by accessing that file, Reiher said. He added it is possible for companies such as Yahoo to lose thousands of passwords if they lose the data file.

“UCLA is a little late to (introduce multifactor authentication), but I’m glad that we caught up,” he said.

Reiher said users at UCLA cannot log in to their accounts when their mobile devices run out of battery or do not have access to the internet. However, he said this can be solved by having a backup multifactor authentication device, such as a landline.

Students who do not own a cell phone or misplace their phone can receive temporary tokens from Bruin OnLine that they can plug in to any computer when logging in to UCLA websites. Nachenberg said some multifactor authentication services, including Duo, also provide codes that can be typed in without internet connection.

Sacrificing personal convenience to implement multifactor authentication not only protects students’ personal information but also protects the UCLA community as a whole, Reiher said, because illegal access into one student’s account may allow cybercriminals to access other accounts in the UCLA system.

“The trade-off is not only between individual account security and convenience,” he said. “(Multifactor authentication) benefits the online security of the whole community.”

Poll

LA City Council recently voted to reinstate limitations regarding homeless LA drivers living in their cars. These regulations will run until January, and states that they are prohibited from spending the night in their cars on residential streets, or live in their vehicles at any time within a block of a park, school, preschool or daycare facility. What are your thoughts on this?
Reinstating these limitations could cause more issues than it could fix. Homeless drivers that use their cars as a home are not the root problem the LA City Council should be focused on addressing.
It was a good idea to reinstate these limitations, since homeless drivers could possibly become intrusive and pose a threat to residential areas and places where children are most present.
These limitations are neither good or bad, and does not affect me as a student because I am not homeless, nor am I living in my car.
I have feelings about this that are not described in the options above.
Submit View results without voting »

Looking for help to assist wheelchair-bound incoming Female Freshman in the dorms at UCLA Duties are in the evening for bathroom/showering assistance, etc. Good opportunity for practical experience for medical/nursing/therapy student while earning money. Starting date would be weekend of September 21st. Looking for two females that could alternate or cover for each other. Pay negotiable if interested for more information please email [email protected] or call/text 310-717-6823 • Help Wanted

Teen Supervision Single Parent professor seeks graduate or professional student for occasional supervision of two teen children, particularly for overnight care. Duties include supervision of meals and homework, transportation to and from school and events, and other duties while parent travels for work or personal plans. Duties will include overnight stays in the family's guest room (with private bath) so that children are not alone for out-of-town travel by the parent. Children are 8th graders and attend school near the UCLA campus. They are largely self-regulating, generally cooperative, and they provide all necessary care to the family dogs. Applicant should have a car with insurance, be responsible, relate well with young people, and be fine with dogs. Fee is negotiable. Frequency is approximately twice per month, usually for two nights. This is a great way to pick up some extra income with little or no impact on studies. Applicants should submit basic information about themselves, summary of experience, and the names of two references to: Professor Gary Segura [email protected] • Child Care Wanted